Overview ¶
thehive5 implements functionality to interact with the most recent version of thehive. https://www.strangebee.com/thehive/
Index ¶
- Constants
- type ApiErrorResponse
- type Attachment
- type CaseStatusResponse
- type CaseTask
- type CaseTaskResponse
- type CaseTemplate
- type CaseTemplateResponse
- type Comment
- type CommentResponse
- type CustomEvent
- type CustomField
- type CustomFieldResponse
- type EventDetail
- type ExtraData
- type Filter
- type FullTimelineResponse
- type HiveAlert
- type HiveAlertResponse
- type HiveCase
- type HiveCaseResponse
- type HiveSearch
- type HiveUpdateAlert
- type HiveUpdateCase
- type Hivedata
- func (hive *Hivedata) AddAlertComment(alertId string, comment *Comment) (*CommentResponse, error)
- func (hive *Hivedata) AddAlertObservable(alertNumber string, observable Observable) error
- func (hive *Hivedata) AddAlertProcedure(alertId string, procedure *Procedure) (*ProcedureResponse, error)
- func (hive *Hivedata) AddCaseComment(caseId int, comment *Comment) (*CommentResponse, error)
- func (hive *Hivedata) AddCaseObservable(incidentNumber int, observable *Observable) error
- func (hive *Hivedata) AddCaseObservableFile(incidentNumber int, observable *Observable, file *os.File) error
- func (hive *Hivedata) AddCaseProcedure(caseId int, procedure *Procedure) (*ProcedureResponse, error)
- func (hive *Hivedata) AddTaskToCase(caseId int, task *CaseTask) (*CaseTaskResponse, error)
- func (hive *Hivedata) CreateAlert(alertObject *HiveAlert) (*HiveAlertResponse, error)
- func (hive *Hivedata) CreateCase(newCase *HiveCase) (*HiveCaseResponse, error)
- func (hive *Hivedata) CreateCaseFromAlert(alertId string, alert *HiveCase) (*HiveCaseResponse, error)
- func (hive *Hivedata) CreateTaskLog(taskId string, log *TaskLog) (*TaskLogResponse, error)
- func (hive *Hivedata) CreateTimelineEvent(caseId int, event *TimelineEvent) (*TimelineEventResponse, error)
- func (hive *Hivedata) DeleteAlert(alertId string) error
- func (hive *Hivedata) DeleteCase(caseId int) error
- func (hive *Hivedata) DeleteCaseTemplate(templateName string) error
- func (hive *Hivedata) DeleteObservable(observableID string) error
- func (hive *Hivedata) DeleteTask(taskId string) error
- func (hive *Hivedata) DeleteTimelineEvent(eventId string) error
- func (hive *Hivedata) FindAlertsByCustomField(queryfield string, queryvalue string) ([]HiveAlertResponse, error)
- func (hive *Hivedata) FindAlertsByFieldTimed(queryfield string, queryvalue string, timeframe time.Time) ([]HiveAlertResponse, error)
- func (hive *Hivedata) FindCase(searchQuery []SearchQuery) ([]HiveCaseResponse, error)
- func (hive *Hivedata) FindCaseByCustomField(queryfield string, queryvalue string) ([]HiveCaseResponse, error)
- func (hive *Hivedata) FindObservable(value string) ([]ObservableResponse, error)
- func (hive *Hivedata) GetAlert(alertId string) (*HiveAlertResponse, error)
- func (hive *Hivedata) GetAlertComments(alertId string) ([]CommentResponse, error)
- func (hive *Hivedata) GetAlertObservable(alertId, queryfield, queryvalue string) (*ObservableResponse, error)
- func (hive *Hivedata) GetAlertObservables(alertId string) ([]ObservableResponse, error)
- func (hive *Hivedata) GetAlertsTimed(timeframe time.Time) ([]HiveAlertResponse, error)
- func (hive *Hivedata) GetCase(caseId int) (*HiveCaseResponse, error)
- func (hive *Hivedata) GetCaseAlerts(caseId int) ([]HiveAlertResponse, error)
- func (hive *Hivedata) GetCaseComments(caseId int) ([]CommentResponse, error)
- func (hive *Hivedata) GetCaseCommentsTimed(caseId int, timeframe time.Time) ([]CommentResponse, error)
- func (hive *Hivedata) GetCaseObservables(caseId int) ([]ObservableResponse, error)
- func (hive *Hivedata) GetCaseObservablesFiltered(caseId int, queryfield, queryvalue string) ([]ObservableResponse, error)
- func (hive *Hivedata) GetCaseStatusOptions() ([]CaseStatusResponse, error)
- func (hive *Hivedata) GetCaseTasks(caseId int) ([]CaseTaskResponse, error)
- func (hive *Hivedata) GetCaseTemplate(templateName string) (*CaseTemplateResponse, error)
- func (hive *Hivedata) GetCasesTimed(timeframe time.Time) ([]HiveCaseResponse, error)
- func (hive *Hivedata) GetObservable(observableID string) (*ObservableResponse, error)
- func (hive *Hivedata) GetObservableTypes() ([]ObservableTypeResponse, error)
- func (hive *Hivedata) GetTask(taskId string) (*CaseTaskResponse, error)
- func (hive *Hivedata) GetTaskLogs(taskId string) ([]TaskLogResponse, error)
- func (hive *Hivedata) GetTimeline(caseId int) ([]FullTimelineResponse, error)
- func (hive *Hivedata) GetTimelineEvent(caseId int, eventId string) (*EventDetail, error)
- func (hive *Hivedata) GetVisibleUsers() ([]UserResponse, error)
- func (hive *Hivedata) MergeAlert(alertId string, caseNumber int) error
- func (hive *Hivedata) UpdateAlert(alertId string, alert *HiveUpdateAlert) error
- func (hive *Hivedata) UpdateCase(idOrName int, updatedCase *HiveUpdateCase) error
- func (hive *Hivedata) UpdateCaseTemplate(templateName string, updatedTemplate CaseTemplate) error
- func (hive *Hivedata) UpdateObservable(observableID string, observable *Observable) error
- func (hive *Hivedata) UpdateTask(taskId string, task *CaseTask) error
- func (hive *Hivedata) UpdateTimelineEvent(eventId string, event *TimelineEvent) error
- type HttpClient
- type Links
- type Observable
- type ObservableResponse
- type ObservableTypeResponse
- type Organisations
- type Pages
- type Pap
- type Procedure
- type ProcedureResponse
- type Scope
- type SearchQuery
- type Severity
- type SharingParameter
- type TaskLog
- type TaskLogResponse
- type TimelineEvent
- type TimelineEventResponse
- type Tlp
- type UserResponse
Constants ¶
// HTTP methods used when building requests. The underlying type `method` is
// declared elsewhere in this package and is not part of the exported surface.
const (
	POST   method = "POST"
	GET    method = "GET"
	PATCH  method = "PATCH"
	DELETE method = "DELETE"
)
Constant to handle HTTP methods
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ApiErrorResponse ¶
An ApiErrorResponse holds the error payload returned by certain API calls to the hive.
func (ApiErrorResponse) Error ¶
func (h ApiErrorResponse) Error() string
Error() receiver implementation to display API errors.
type Attachment ¶
type CaseStatusResponse ¶
// CaseStatusResponse is one entry of the list returned by GetCaseStatusOptions:
// a status value a case may be set to, together with its audit metadata.
// A custom UnmarshalJSON is declared for this type (see below).
type CaseStatusResponse struct {
	Id   string `json:"_id"`
	Type string `json:"_type"`
	// Audit metadata as reported by the server; the update fields may be absent.
	UpdatedAt time.Time `json:"_updatedAt,omitempty"`
	UpdatedBy string    `json:"_updatedBy,omitempty"`
	CreatedAt time.Time `json:"_createdAt"`
	CreatedBy string    `json:"_createdBy"`
	// Value is the status name; Stage groups statuses (semantics are the server's).
	Value       string `json:"value"`
	Stage       string `json:"stage"`
	Order       int    `json:"order,omitempty"`
	Description string `json:"description,omitempty"`
	Colour      string `json:"colour,omitempty"`
	// ExtraData is decoded as a flat string map; nested values would fail to
	// decode with this type — NOTE(review): confirm against the server payload.
	ExtraData map[string]string `json:"extraData"`
}
A CaseStatusResponse is used for containing all possible case status options
func (*CaseStatusResponse) UnmarshalJSON ¶
func (cs *CaseStatusResponse) UnmarshalJSON(data []byte) error
type CaseTask ¶
// CaseTask describes a task to create on a case (AddTaskToCase) or to apply as
// an update (UpdateTask). A custom MarshalJSON is declared for this type.
type CaseTask struct {
	Title       string `json:"title"`
	Group       string `json:"group,omitempty"`
	Description string `json:"description,omitempty"`
	Status      string `json:"status,omitempty"`
	Flag        bool   `json:"flag,omitempty"`
	// encoding/json's omitempty never omits a zero time.Time (it is a struct),
	// so leaving unset dates out of the request relies on the custom
	// MarshalJSON — confirm against its implementation.
	StartDate time.Time `json:"startDate,omitempty"`
	EndDate   time.Time `json:"endDate,omitempty"`
	DueDate   time.Time `json:"dueDate,omitempty"`
	// Order is a pointer so an explicit 0 is not dropped by omitempty.
	Order     *int   `json:"order,omitempty"`
	Assignee  string `json:"assignee,omitempty"`
	Mandatory bool   `json:"mandatory,omitempty"`
}
CaseTask contains all task information.
func (*CaseTask) MarshalJSON ¶
Marshalling the CaseTask requests
type CaseTaskResponse ¶
// CaseTaskResponse is a task as returned by the server (GetTask, GetCaseTasks,
// AddTaskToCase). A custom UnmarshalJSON is declared for this type.
type CaseTaskResponse struct {
	Id        string    `json:"_id"`
	Type      string    `json:"_type"`
	CreatedBy string    `json:"_createdBy"`
	UpdatedBy string    `json:"_updatedBy"`
	CreatedAt time.Time `json:"_createdAt"`
	UpdatedAt time.Time `json:"_updatedAt"`
	Title       string    `json:"title"`
	Group       string    `json:"group"`
	Description string    `json:"description"`
	Status      string    `json:"status"`
	Flag        bool      `json:"flag"`
	StartDate   time.Time `json:"startDate"`
	EndDate     time.Time `json:"endDate"`
	Assignee    string    `json:"assignee"`
	Order       int       `json:"order"`
	DueDate     time.Time `json:"dueDate"`
	Mandatory   bool      `json:"mandatory"`
	// ExtraData is an empty struct: whatever the server puts under extraData
	// is accepted and discarded.
	ExtraData struct{} `json:"extraData"`
}
CaseTaskResponse stores the response of a task that was added to a case in The Hive
func (*CaseTaskResponse) UnmarshalJSON ¶
func (ct *CaseTaskResponse) UnmarshalJSON(data []byte) error
shadow Unmarshalling function for CaseTaskResponse
type CaseTemplate ¶
// CaseTemplate is the request body for creating or updating a case template
// (see UpdateCaseTemplate). A custom MarshalJSON is declared for this type.
type CaseTemplate struct {
	Name        string `json:"name"`
	DisplayName string `json:"displayName,omitempty"`
	TitlePrefix string `json:"titlePrefix,omitempty"`
	Description string `json:"description,omitempty"`
	// Pointer fields distinguish "not set" (nil, omitted) from an explicit
	// empty list or false, which omitempty would otherwise drop.
	Severity *Severity `json:"severity,omitempty"`
	Tags     *[]string `json:"tags,omitempty"`
	Flag     *bool     `json:"flag,omitempty"`
	Tlp      string    `json:"tlp,omitempty"`
	Pap      string    `json:"pap,omitempty"`
	Summary  string    `json:"summary,omitempty"`
	// CustomFields has no omitempty: with the default encoder a nil pointer is
	// serialised as null — NOTE(review): confirm the custom MarshalJSON and the
	// server both accept that.
	CustomFields *[]CustomField `json:"customFields"`
}
A CaseTemplate contains the mapping for the thehive5 api
func (*CaseTemplate) MarshalJSON ¶
func (c *CaseTemplate) MarshalJSON() ([]byte, error)
Marshalling the case template requests.
type CaseTemplateResponse ¶
// CaseTemplateResponse is a case template as returned by the templates
// endpoint (see GetCaseTemplate). A custom UnmarshalJSON is declared for it.
type CaseTemplateResponse struct {
	Id        string    `json:"_id"`
	Type      string    `json:"_type"`
	CreatedBy string    `json:"_createdBy"`
	UpdatedBy string    `json:"_updatedBy,omitempty"`
	CreatedAt time.Time `json:"_createdAt"`
	UpdatedAt time.Time `json:"_updatedAt,omitempty"`
	Name        string `json:"name"`
	DisplayName string `json:"displayName"`
	TitlePrefix string `json:"titlePrefix,omitempty"`
	Description string `json:"description,omitempty"`
	// Severity, Tlp and Pap use the package's typed values here, whereas the
	// request types (CaseTemplate, HiveCase) carry them as plain strings.
	Severity      Severity `json:"severity,omitempty"`
	SeverityLabel string   `json:"severityLabel,omitempty"`
	Tags          []string `json:"tags,omitempty"`
	Flag          bool     `json:"flag"`
	Tlp           Tlp      `json:"tlp,omitempty"`
	TlpLabel      string   `json:"tlpLabel,omitempty"`
	Pap           Pap      `json:"pap,omitempty"`
	PapLabel      string   `json:"papLabel,omitempty"`
	Summary       string   `json:"summary,omitempty"`
	CustomFields  []CustomField `json:"customFields,omitempty"`
	Tasks         []CaseTask    `json:"tasks,omitempty"`
	// ExtraData is an empty struct: server-provided extraData is discarded.
	ExtraData struct{} `json:"extraData,omitempty"`
}
CaseTemplateResponse contain the response of thehive5 templates endpoint
func (*CaseTemplateResponse) UnmarshalJSON ¶
func (ctr *CaseTemplateResponse) UnmarshalJSON(data []byte) error
shadow unmarshal function for CaseTemplate
type CommentResponse ¶
// CommentResponse is a comment on an alert or a case as returned by the server
// (see GetAlertComments, GetCaseComments, AddAlertComment, AddCaseComment).
// Custom MarshalJSON and UnmarshalJSON are declared for this type.
type CommentResponse struct {
	Id   string `json:"_id"`
	Type string `json:"_type"`
	// Unlike the other response types on this page, the audit keys here carry
	// no leading underscore (createdBy, not _createdBy).
	CreatedBy string    `json:"createdBy"`
	CreatedAt time.Time `json:"createdAt"`
	UpdatedAt time.Time `json:"updatedAt"`
	UpdatedBy string    `json:"updatedBy"`
	Message   string    `json:"message"`
	IsEdited  bool      `json:"isEdited"`
	// ExtraData is decoded as a flat string map — NOTE(review): nested values
	// would not decode into this type; confirm against the server payload.
	ExtraData map[string]string `json:"extraData"`
}
CommentResponse contains information about a comment object on an alert or case.
func (*CommentResponse) MarshalJSON ¶
func (c *CommentResponse) MarshalJSON() ([]byte, error)
Marshalling the comment, converting the time objects into Unix-millisecond int64 values.
func (*CommentResponse) UnmarshalJSON ¶
func (c *CommentResponse) UnmarshalJSON(data []byte) error
Custom unmarshaller for Comment
type CustomEvent ¶
// CustomEvent is a user-created timeline event as returned by the server; it
// appears inside EventDetail (see GetTimeline and GetTimelineEvent).
// A custom UnmarshalJSON is declared for this type.
type CustomEvent struct {
	Id        string    `json:"_id"`
	Type      string    `json:"_type"`
	CreatedBy string    `json:"_createdBy"`
	UpdatedAt time.Time `json:"_updatedAt,omitempty"`
	CreatedAt time.Time `json:"_createdAt"`
	Title     string    `json:"title"`
	// Date is the event's start; EndDate may be absent for point-in-time events.
	Date        time.Time `json:"date"`
	EndDate     time.Time `json:"endDate,omitempty"`
	Description string    `json:"description,omitempty"`
	UpdatedBy   string    `json:"_updatedBy,omitempty"`
}
func (*CustomEvent) UnmarshalJSON ¶
func (c *CustomEvent) UnmarshalJSON(data []byte) error
Unmarshal thehive5 returned values into the CustomEvent struct, making sure that int64 gets converted into time.Time.
type CustomField ¶
// CustomField is a custom field value attached to an alert, case or template.
// The Name must match a custom field defined on the thehive5 instance.
// The custom MarshalJSON on this type lowercases Name before sending.
type CustomField struct {
	Name        string `json:"name"`
	DisplayName string `json:"displayName,omitempty"`
	Group       string `json:"group"`
	// Value is untyped; the concrete Go type presumably depends on Type —
	// callers should type-assert defensively rather than assume a string.
	Value       interface{} `json:"value"`
	Description string      `json:"description"`
	Type        string      `json:"type"`
	Mandatory   bool        `json:"mandatory,omitempty"`
	// Options is a pointer to a map here but a slice of maps in
	// CustomFieldResponse — NOTE(review): confirm which shape the server uses.
	Options *map[string]string `json:"options,omitempty"`
}
A CustomField contains the custom field declaration on thehive5. Make sure that the name attribute exists on your thehive5 instance.
func (*CustomField) MarshalJSON ¶
func (c *CustomField) MarshalJSON() ([]byte, error)
MarshalJSON sets the customField name to lowercase as all customFields on thehive5 are in that format as well
type CustomFieldResponse ¶
// CustomFieldResponse is a custom field definition as returned by the server.
// A custom UnmarshalJSON is declared for this type.
type CustomFieldResponse struct {
	Id        string    `json:"_id"`
	Type      string    `json:"_type,omitempty"`
	CreatedBy string    `json:"_createdBy,omitempty"`
	UpdatedBy string    `json:"_updatedBy"`
	CreatedAt time.Time `json:"_createdAt"`
	UpdatedAt time.Time `json:"_updatedAt,omitempty"`
	Name        string `json:"name"`
	DisplayName string `json:"displayName"`
	Group       string `json:"group"`
	Description string `json:"description"`
	// FieldType maps the JSON key "type"; the Go name avoids clashing with the
	// "_type" entity field above.
	FieldType string `json:"type"`
	// Options is a slice of maps here; the request type CustomField uses a
	// single map pointer.
	Options   []map[string]string `json:"options,omitempty"`
	Mandatory bool                `json:"mandatory"`
	ExtraData map[string]string   `json:"extraData"`
}
func (*CustomFieldResponse) UnmarshalJSON ¶
func (c *CustomFieldResponse) UnmarshalJSON(data []byte) error
Unmarshal thehive5 returned values into the CustomFieldResponse struct, making sure that int64 gets converted into time.Time.
type EventDetail ¶
// EventDetail is the payload of a timeline entry. Exactly one of Task or
// CustomEvent is expected to be set; both are pointers so the unset one is
// nil and omitted on output.
type EventDetail struct {
	Task        *CaseTaskResponse `json:"task,omitempty"`
	CustomEvent *CustomEvent      `json:"customEvent,omitempty"`
}
EventDetail contains either a Task or a CustomEvent
type Filter ¶
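// Filter is one clause of a query sent to the thehive5 query endpoint
// (see SearchQuery and FindCase). Field names the attribute being filtered;
// Value or Values carries the operand(s).
type Filter struct {
	Field string `json:"_field"`
	// Fields is, judging by its tag, meant to stay out of the request body.
	// The previous tag `json:"-,omitempty"` did not do that: encoding/json only
	// skips a field for the exact tag "-"; "-,omitempty" names the field "-",
	// so a populated map was serialised under the key "-". A bare "-" omits it.
	Fields map[string]string `json:"-"`
	Value  interface{}       `json:"_value,omitempty"`
	Values []interface{}     `json:"_values,omitempty"`
	// Scope's tag gives no name, so it is encoded under the key "Scope"
	// (Go field name) and omitted when nil.
	Scope     *Scope    `json:",omitempty"`
	ExtraData *struct{} `json:"extraData,omitempty"`
}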
A Filter is used for filtering on the query endpoint.
type FullTimelineResponse ¶
// FullTimelineResponse is one entry of a case timeline as returned by
// GetTimeline. A custom UnmarshalJSON is declared for this type.
type FullTimelineResponse struct {
	TimelineDate time.Time `json:"date"`
	// Kind and Entity classify the entry; EntityID identifies the referenced
	// object (their value sets are defined by the server).
	Kind     string `json:"kind"`
	Entity   string `json:"entity"`
	EntityID string `json:"entityId"`
	// Details holds the Task or CustomEvent behind the entry; omitempty has no
	// effect on a struct value with the default encoder.
	Details EventDetail `json:"details,omitempty"`
}
FullTimelineResponse gets returned if the full timeline is requested for a case
func (*FullTimelineResponse) UnmarshalJSON ¶
func (ftr *FullTimelineResponse) UnmarshalJSON(data []byte) error
Unmarshal thehive5 returned values into the FullTimelineResponse structs. Making sure that int64 gets converted into time.Time
type HiveAlert ¶
// HiveAlert is the request body for CreateAlert. A custom MarshalJSON is
// declared for this type.
type HiveAlert struct {
	// These five fields carry no omitempty and are always serialised.
	Type        string `json:"type"`
	Source      string `json:"source"`
	SourceRef   string `json:"sourceRef"`
	Title       string `json:"title"`
	Description string `json:"description"`
	Severity    string `json:"severity,omitempty"`
	// omitempty does not omit a zero time.Time with the default encoder; see
	// the custom MarshalJSON for how an unset Date is handled.
	Date         time.Time      `json:"date,omitempty"`
	Tags         []string       `json:"tags,omitempty"`
	ExternalLink string         `json:"externalLink,omitempty"`
	Flag         bool           `json:"flag,omitempty"`
	Tlp          string         `json:"tlp,omitempty"`
	Pap          string         `json:"pap,omitempty"`
	CustomFields *[]CustomField `json:"customFields,omitempty"`
	Summary      string         `json:"summary,omitempty"`
	Status       string         `json:"status,omitempty"`
	Assignee     string         `json:"assignee,omitempty"`
	CaseTemplate string         `json:"caseTemplate,omitempty"`
	// Observables and Procedures can be attached in the same request instead
	// of via AddAlertObservable / AddAlertProcedure afterwards.
	Observables *[]Observable `json:"observables,omitempty"`
	Procedures  *[]Procedure  `json:"procedures,omitempty"`
}
A HiveAlert stores an alert for creating new alerts on thehive5.
func (*HiveAlert) MarshalJSON ¶
Marshalling the alert requests
type HiveAlertResponse ¶
// HiveAlertResponse is an alert as returned by the server (GetAlert,
// CreateAlert, the Find*/Get*Timed helpers). Fields the server did not send
// keep their zero value. A custom UnmarshalJSON is declared for this type.
type HiveAlertResponse struct {
	Id        string    `json:"_id"`
	Type      string    `json:"_type"`
	CreatedBy string    `json:"_createdBy"`
	UpdatedBy string    `json:"_updatedBy"`
	CreatedAt time.Time `json:"_createdAt"`
	UpdatedAt time.Time `json:"_updatedAt"`
	// AlertType maps the JSON key "type" (the alert's own type), distinct from
	// the "_type" entity field above.
	AlertType    string `json:"type"`
	Source       string `json:"source"`
	SourceRef    string `json:"sourceRef"`
	ExternalLink string `json:"externalLink"`
	Title        string `json:"title"`
	Description  string `json:"description"`
	// Severity/Tlp/Pap are numeric here with a separate human-readable label.
	Severity      int       `json:"severity"`
	SeverityLabel string    `json:"severityLabel"`
	Date          time.Time `json:"date"`
	Tags          []string  `json:"tags"`
	Tlp           int       `json:"tlp"`
	TlpLabel      string    `json:"tlpLabel"`
	Pap           int       `json:"pap"`
	PapLabel      string    `json:"papLabel"`
	Follow        bool      `json:"follow"`
	CustomFields  []CustomField `json:"customFields"`
	CaseTemplate  string        `json:"caseTemplate"`
	ObservableCount int64       `json:"observableCount"`
	// CaseID is set once the alert has been merged into / promoted to a case.
	CaseID   string `json:"caseId"`
	Status   string `json:"status"`
	Stage    string `json:"stage"`
	Assignee string `json:"assignee"`
	Summary  string `json:"summary"`
	// ExtraData is an empty struct: server-provided extraData is discarded.
	ExtraData      struct{}  `json:"extraData"`
	NewDate        time.Time `json:"newDate"`
	InProgressDate time.Time `json:"inProgressDate"`
	ClosedDate     time.Time `json:"closedDate"`
	ImportedDate   time.Time `json:"importedDate"`
	// time.Duration decodes a JSON number as nanoseconds. NOTE(review): if the
	// server reports these in milliseconds, the custom UnmarshalJSON must
	// scale them — confirm before relying on these values.
	TimeToDetect      time.Duration `json:"timeToDetect"`
	TimeToTriage      time.Duration `json:"timeToTriage"`
	TimeToQualify     time.Duration `json:"timeToQualify"`
	TimeToAcknowledge time.Duration `json:"timeToAcknowledge"`
}
A HiveAlertResponse contains the attributes thehive5 sends back on requests; fields may contain nil.
func (*HiveAlertResponse) UnmarshalJSON ¶
func (ar *HiveAlertResponse) UnmarshalJSON(data []byte) error
Unmarshal thehive5 returned values into the HiveAlertResponse structs. Making sure that int64 gets converted into time.Time
type HiveCase ¶
// HiveCase is the request body for CreateCase and CreateCaseFromAlert.
// A custom MarshalJSON is declared for this type.
type HiveCase struct {
	// Title and Description carry no omitempty and are always serialised.
	Title       string `json:"title"`
	Description string `json:"description"`
	Severity    string `json:"severity,omitempty"`
	// omitempty does not omit a zero time.Time with the default encoder; see
	// the custom MarshalJSON for how unset dates are handled.
	StartDate    time.Time      `json:"startDate,omitempty"`
	EndDate      time.Time      `json:"endDate,omitempty"`
	Tags         []string       `json:"tags,omitempty"`
	Flag         bool           `json:"flag,omitempty"`
	Tlp          string         `json:"tlp,omitempty"`
	Pap          string         `json:"pap,omitempty"`
	Status       string         `json:"status,omitempty"`
	Summary      string         `json:"summary,omitempty"`
	Assignee     string         `json:"assignee,omitempty"`
	CustomFields *[]CustomField `json:"customFields,omitempty"`
	// Template maps the JSON key "caseTemplate".
	Template          string               `json:"caseTemplate,omitempty"`
	Pages             *[]Pages             `json:"pages,omitempty"`
	Tasks             *[]CaseTask          `json:"tasks,omitempty"`
	SharingParameters *[]SharingParameter  `json:"sharingParameters,omitempty"`
	TaskRule          string               `json:"taskRule,omitempty"`
	ObservableRule    string               `json:"observableRule,omitempty"`
}
A HiveCase includes all information related to a case. It also includes the fields for an updated task.
func (*HiveCase) MarshalJSON ¶
Marshalling the case requests, converting the time objects into Unix-millisecond int64 values.
type HiveCaseResponse ¶
// HiveCaseResponse is a case as returned by the server (GetCase, CreateCase,
// FindCase, GetCasesTimed, ...). A custom UnmarshalJSON is declared for it.
type HiveCaseResponse struct {
	Id    string `json:"_id"`
	Title string `json:"title"`
	// Number is the human-visible case number; the int-typed caseId parameters
	// of the Hivedata methods are presumably this value, not Id.
	Number      int       `json:"number"`
	Description string    `json:"description"`
	Status      string    `json:"status"`
	Stage       string    `json:"stage"`
	StartDate   time.Time `json:"startDate"`
	Tlp         int       `json:"tlp"`
	Pap         int       `json:"pap"`
	Type        string    `json:"_type"`
	CreatedBy   string    `json:"_createdBy"`
	UpdatedBy   string    `json:"_updatedBy"`
	CreatedAt   time.Time `json:"_createdAt"`
	UpdatedAt   time.Time `json:"_updatedAt"`
	EndDate     time.Time `json:"endDate"`
	Tags        []string  `json:"tags"`
	Flag        bool      `json:"flag"`
	TlpLabel    string    `json:"tlpLabel"`
	PapLabel    string    `json:"papLabel"`
	Summary     string    `json:"summary"`
	Severity    int       `json:"severity"`
	ImpactStatus string   `json:"impactStatus"`
	Assignee     string   `json:"assignee"`
	CustomFields []CustomField `json:"customFields"`
	// UserPermissions lists what the calling API key may do on this case.
	UserPermissions []string          `json:"userPermissions"`
	ExtraData       map[string]string `json:"extraData"`
	NewDate             time.Time `json:"newDate"`
	InProgressDate      time.Time `json:"inProgressDate"`
	ClosedDate          time.Time `json:"closedDate"`
	AlertDate           time.Time `json:"alertDate"`
	AlertNewDate        time.Time `json:"alertNewDate"`
	AlertInProgressDate time.Time `json:"alertInProgressDate"`
	AlertImportedDate   time.Time `json:"alertImportedDate"`
	// time.Duration decodes a JSON number as nanoseconds. NOTE(review): if the
	// server reports these in milliseconds, the custom UnmarshalJSON must
	// scale them — confirm before relying on these values.
	TimeToDetect      time.Duration `json:"timeToDetect"`
	TimeToTriage      time.Duration `json:"timeToTriage"`
	TimeToQualify     time.Duration `json:"timeToQualify"`
	TimeToAcknowledge time.Duration `json:"timeToAcknowledge"`
	TimeToResolve     time.Duration `json:"timeToResolve"`
	HandlingDuration  time.Duration `json:"handlingDuration"`
}
HiveCaseResponse stores the response of a case from thehive
func (*HiveCaseResponse) UnmarshalJSON ¶
func (hc *HiveCaseResponse) UnmarshalJSON(data []byte) error
type HiveSearch ¶
// HiveSearch is the root object of a query request: it wraps the list of
// SearchQuery stages under the "query" key expected by the query endpoint.
type HiveSearch struct {
	Query []SearchQuery `json:"query"`
}
HiveSearch is used to create the root search query.
type HiveUpdateAlert ¶
// HiveUpdateAlert is the request body for UpdateAlert. Every field is
// optional; only the ones set are sent. A custom MarshalJSON is declared.
type HiveUpdateAlert struct {
	Type         string `json:"type,omitempty"`
	Source       string `json:"source,omitempty"`
	SourceRef    string `json:"sourceRef,omitempty"`
	ExternalLink string `json:"externalLink,omitempty"`
	Title        string `json:"title,omitempty"`
	Description  string `json:"description,omitempty"`
	Severity     string `json:"severity,omitempty"`
	// omitempty does not omit a zero time.Time with the default encoder; see
	// the custom MarshalJSON for how unset dates are handled.
	Date         time.Time `json:"date,omitempty"`
	LastSyncDate time.Time `json:"lastSyncDate,omitempty"`
	Tags         []string  `json:"tags,omitempty"`
	Tlp          string    `json:"tlp,omitempty"`
	Pap          string    `json:"pap,omitempty"`
	// Follow is a pointer so that an explicit false is sent rather than
	// dropped by omitempty.
	Follow       *bool         `json:"follow,omitempty"`
	CustomFields []CustomField `json:"customFields,omitempty"`
	Status       string        `json:"status,omitempty"`
	Summary      string        `json:"summary,omitempty"`
	Assignee     string        `json:"assignee,omitempty"`
	// AddTags/RemoveTags are incremental edits, as opposed to Tags which
	// replaces the whole set.
	AddTags    []string `json:"addTags,omitempty"`
	RemoveTags []string `json:"removeTags,omitempty"`
}
A HiveUpdateAlert stores the information used to update an existing alert. Looks incomplete in the theHive API documentation.
func (*HiveUpdateAlert) MarshalJSON ¶
func (ha *HiveUpdateAlert) MarshalJSON() ([]byte, error)
Marshalling the alert update requests.
type HiveUpdateCase ¶
// HiveUpdateCase is the request body for UpdateCase. Every field is optional;
// only the ones set are sent. A custom MarshalJSON is declared for this type.
type HiveUpdateCase struct {
	Title string `json:"title,omitempty"`
	// *string fields (Description, Summary, ImpactStatus) let a caller send an
	// explicit empty string to clear the value; a plain string would be
	// dropped by omitempty.
	Description *string `json:"description,omitempty"`
	Severity    string  `json:"severity,omitempty"`
	// omitempty does not omit a zero time.Time with the default encoder; see
	// the custom MarshalJSON for how unset dates are handled.
	StartDate time.Time `json:"startDate,omitempty"`
	EndDate   time.Time `json:"endDate,omitempty"`
	// Tags and Flag are pointers so an explicit empty list / false is sent.
	Tags         *[]string      `json:"tags,omitempty"`
	Flag         *bool          `json:"flag,omitempty"`
	Tlp          string         `json:"tlp,omitempty"`
	Pap          string         `json:"pap,omitempty"`
	Status       string         `json:"status,omitempty"`
	Summary      *string        `json:"summary,omitempty"`
	Assignee     string         `json:"assignee,omitempty"`
	CustomFields *[]CustomField `json:"customFields,omitempty"`
	// Template maps the JSON key "caseTemplate".
	Template          string              `json:"caseTemplate,omitempty"`
	Tasks             *[]CaseTask         `json:"tasks,omitempty"`
	SharingParameters *[]SharingParameter `json:"sharingParameters,omitempty"`
	TaskRule          string              `json:"taskRule,omitempty"`
	ObservableRule    string              `json:"observableRule,omitempty"`
	ImpactStatus      *string             `json:"impactStatus,omitempty"`
	// AddTags/RemoveTags are incremental edits, as opposed to Tags which
	// replaces the whole set.
	AddTags    []string `json:"addTags,omitempty"`
	RemoveTags []string `json:"removeTags,omitempty"`
}
func (*HiveUpdateCase) MarshalJSON ¶
func (hu *HiveUpdateCase) MarshalJSON() ([]byte, error)
Marshalling the case update requests, converting the time objects into Unix-millisecond int64 values.
type Hivedata ¶
// Hivedata holds the connection parameters reused by every API call: the
// instance URL, the API key and the HTTP client that sends the requests.
// Construct it with CreateLogin.
type Hivedata struct {
	// Url is the address of the thehive5 instance the requests are sent to.
	Url string
	// Apikey authenticates every request. It is an exported plain string, so
	// formatting a Hivedata with %v/%+v or including it in a log line or error
	// message exposes the credential; redact it before logging.
	Apikey string
	// Client performs the HTTP requests. HttpClient is declared elsewhere in
	// this package.
	Client HttpClient
}
A Hivedata stores the API key, URL and HTTP client for subsequent API calls.
func CreateLogin ¶
CreateLogin defines the API login parameters that are reused in requests. Returns a Hivedata struct.
func (*Hivedata) AddAlertComment ¶
func (hive *Hivedata) AddAlertComment(alertId string, comment *Comment) (*CommentResponse, error)
AddAlertComment adds a comment to an existing alert. Returns the created comment as a CommentResponse or an error.
func (*Hivedata) AddAlertObservable ¶
func (hive *Hivedata) AddAlertObservable(alertNumber string, observable Observable) error
AddAlertObservable adds a new observable to an existing alert. Returns an error if the addition fails.
func (*Hivedata) AddAlertProcedure ¶
func (hive *Hivedata) AddAlertProcedure(alertId string, procedure *Procedure) (*ProcedureResponse, error)
AddAlertProcedure adds a procedure to an existing alert
func (*Hivedata) AddCaseComment ¶
func (hive *Hivedata) AddCaseComment(caseId int, comment *Comment) (*CommentResponse, error)
AddCaseComment adds a comment to an existing case. Returns the created comment as a CommentResponse or an error.
func (*Hivedata) AddCaseObservable ¶
func (hive *Hivedata) AddCaseObservable(incidentNumber int, observable *Observable) error
AddCaseObservable adds observables to an existing case.
func (*Hivedata) AddCaseObservableFile ¶
func (hive *Hivedata) AddCaseObservableFile(incidentNumber int, observable *Observable, file *os.File) error
AddCaseObservableFile adds a file as an observable to a case.
func (*Hivedata) AddCaseProcedure ¶
func (hive *Hivedata) AddCaseProcedure(caseId int, procedure *Procedure) (*ProcedureResponse, error)
AddCaseProcedure adds a procedure to an existing case
func (*Hivedata) AddTaskToCase ¶
func (hive *Hivedata) AddTaskToCase(caseId int, task *CaseTask) (*CaseTaskResponse, error)
AddTaskToCase creates a new task and adds it to an existing case.
func (*Hivedata) CreateAlert ¶
func (hive *Hivedata) CreateAlert(alertObject *HiveAlert) (*HiveAlertResponse, error)
CreateAlert adds a new alert on thehive5 and returns the created alert response.
func (*Hivedata) CreateCase ¶
func (hive *Hivedata) CreateCase(newCase *HiveCase) (*HiveCaseResponse, error)
CreateCase is used to add a new case on thehive5. Returns a HiveCaseResponse struct and a response error.
func (*Hivedata) CreateCaseFromAlert ¶
func (hive *Hivedata) CreateCaseFromAlert(alertId string, alert *HiveCase) (*HiveCaseResponse, error)
CreateCaseFromAlert creates a new case from an existing alert. Returns the newly created case.
func (*Hivedata) CreateTaskLog ¶
func (hive *Hivedata) CreateTaskLog(taskId string, log *TaskLog) (*TaskLogResponse, error)
CreateTaskLog creates a new log entry on a task and returns the created TaskLogResponse. A task ID must be provided.
func (*Hivedata) CreateTimelineEvent ¶
func (hive *Hivedata) CreateTimelineEvent(caseId int, event *TimelineEvent) (*TimelineEventResponse, error)
CreateTimelineEvent creates a new CustomEvent in a case
func (*Hivedata) DeleteAlert ¶
DeleteAlert deletes an alert and returns an error if the deletion fails.
func (*Hivedata) DeleteCase ¶
func (*Hivedata) DeleteCaseTemplate ¶
DeleteCaseTemplate allows the deletion of templates on the thehive5 instance. It returns an error only if the deletion failed.
func (*Hivedata) DeleteObservable ¶
DeleteObservable deletes an observable. Only returns data if an error occurred.
func (*Hivedata) DeleteTask ¶
DeleteTask deletes an existing task from a case. Only returns data if an error occurred.
func (*Hivedata) DeleteTimelineEvent ¶
DeleteTimelineEvent deletes a specific event. Returns err on failure.
func (*Hivedata) FindAlertsByCustomField ¶
func (hive *Hivedata) FindAlertsByCustomField(queryfield string, queryvalue string) ([]HiveAlertResponse, error)
FindAlertsByCustomField does the same thing as FindAlertsByField but for custom fields. Use this function for custom fields
func (*Hivedata) FindAlertsByFieldTimed ¶
func (hive *Hivedata) FindAlertsByFieldTimed(queryfield string, queryvalue string, timeframe time.Time) ([]HiveAlertResponse, error)
FindAlertsByFieldTimed allows a lookback for a specific time on the _updatedAt field, combined with a specific field & value.
func (*Hivedata) FindCase ¶
func (hive *Hivedata) FindCase(searchQuery []SearchQuery) ([]HiveCaseResponse, error)
FindCase allows searching for cases with self-defined queries.
func (*Hivedata) FindCaseByCustomField ¶
func (hive *Hivedata) FindCaseByCustomField(queryfield string, queryvalue string) ([]HiveCaseResponse, error)
FindCaseByCustomField finds cases according to the query value submitted for a specific custom field.
func (*Hivedata) FindObservable ¶
func (hive *Hivedata) FindObservable(value string) ([]ObservableResponse, error)
FindObservable finds an observable globally. It returns an ObservableResponse slice or an error. Be aware that the ObservableResponse will contain an ExtraData field which contains a HiveCaseResponse or HiveAlertResponse object.
func (*Hivedata) GetAlert ¶
func (hive *Hivedata) GetAlert(alertId string) (*HiveAlertResponse, error)
GetAlert retrieves a single alert using its alertId. It returns a HiveAlertResponse or an error.
func (*Hivedata) GetAlertComments ¶
func (hive *Hivedata) GetAlertComments(alertId string) ([]CommentResponse, error)
GetAlertComments returns all comments associated with an alert. It returns a comment slice or an error.
func (*Hivedata) GetAlertObservable ¶
func (hive *Hivedata) GetAlertObservable(alertId, queryfield, queryvalue string) (*ObservableResponse, error)
GetAlertObservable returns a single observable associated with an alert. Use this to look up an observable of a given alert by a specific field and value. Example: queryfield: data, queryvalue: 127.0.0.1
func (*Hivedata) GetAlertObservables ¶
func (hive *Hivedata) GetAlertObservables(alertId string) ([]ObservableResponse, error)
GetAlertObservables returns all observables associated with an alert
func (*Hivedata) GetAlertsTimed ¶
func (hive *Hivedata) GetAlertsTimed(timeframe time.Time) ([]HiveAlertResponse, error)
GetAlertsTimed returns all alerts which were updated since a specific date
func (*Hivedata) GetCase ¶
func (hive *Hivedata) GetCase(caseId int) (*HiveCaseResponse, error)
GetCase looks up a case by ID and returns it
func (*Hivedata) GetCaseAlerts ¶
func (hive *Hivedata) GetCaseAlerts(caseId int) ([]HiveAlertResponse, error)
GetCaseAlerts returns all alerts associated with a case. It returns a HiveAlertResponse slice or an error.
func (*Hivedata) GetCaseComments ¶
func (hive *Hivedata) GetCaseComments(caseId int) ([]CommentResponse, error)
GetCaseComments returns all comments associated with a case. It returns a comment slice or an error.
func (*Hivedata) GetCaseCommentsTimed ¶
func (hive *Hivedata) GetCaseCommentsTimed(caseId int, timeframe time.Time) ([]CommentResponse, error)
GetCaseCommentsTimed takes a time object to look back from and returns all comments for a specific case in that frame.
func (*Hivedata) GetCaseObservables ¶
func (hive *Hivedata) GetCaseObservables(caseId int) ([]ObservableResponse, error)
GetCaseObservables returns all observables associated with a case. It returns an observable slice or an error.
func (*Hivedata) GetCaseObservablesFiltered ¶
func (hive *Hivedata) GetCaseObservablesFiltered(caseId int, queryfield, queryvalue string) ([]ObservableResponse, error)
GetCaseObservablesFiltered returns the observables associated with a case that match a field & value filter. It returns an observable slice or an error.
func (*Hivedata) GetCaseStatusOptions ¶
func (hive *Hivedata) GetCaseStatusOptions() ([]CaseStatusResponse, error)
GetCaseStatusOptions returns all status options that can be set on a case.
func (*Hivedata) GetCaseTasks ¶
func (hive *Hivedata) GetCaseTasks(caseId int) ([]CaseTaskResponse, error)
GetCaseTasks returns all tasks associated with a case. It returns a task slice or an error.
func (*Hivedata) GetCaseTemplate ¶
func (hive *Hivedata) GetCaseTemplate(templateName string) (*CaseTemplateResponse, error)
GetCaseTemplate looks up a specific template on the thehive5 instance. It returns the CaseTemplateResponse, or an error on failure.
func (*Hivedata) GetCasesTimed ¶
func (hive *Hivedata) GetCasesTimed(timeframe time.Time) ([]HiveCaseResponse, error)
GetCasesTimed takes a time object to look back for a certain time and returns all the cases found. The timeframe is always applied as timeframe < xxx, which means that everything since the timeframe will be returned.
func (*Hivedata) GetObservable ¶
func (hive *Hivedata) GetObservable(observableID string) (*ObservableResponse, error)
GetObservable returns a single observable. It returns a pointer to an ObservableResponse or an error.
func (*Hivedata) GetObservableTypes ¶
func (hive *Hivedata) GetObservableTypes() ([]ObservableTypeResponse, error)
GetObservableTypes returns all types an observable can be
func (*Hivedata) GetTask ¶
func (hive *Hivedata) GetTask(taskId string) (*CaseTaskResponse, error)
GetTask returns a single CaseTaskResponse object or an error. A task ID must be provided.
func (*Hivedata) GetTaskLogs ¶
func (hive *Hivedata) GetTaskLogs(taskId string) ([]TaskLogResponse, error)
GetTaskLogs returns all logs associated with a task. It returns a task log slice or an error.
func (*Hivedata) GetTimeline ¶
func (hive *Hivedata) GetTimeline(caseId int) ([]FullTimelineResponse, error)
GetTimeline returns all timeline objects from a case. This includes CustomEvents, Tasks and built-in events.
func (*Hivedata) GetTimelineEvent ¶
func (hive *Hivedata) GetTimelineEvent(caseId int, eventId string) (*EventDetail, error)
GetTimelineEvent returns a single event. It returns an error if no event was found.
func (*Hivedata) GetVisibleUsers ¶
func (hive *Hivedata) GetVisibleUsers() ([]UserResponse, error)
GetVisibleUsers returns all users that are visible to the service
func (*Hivedata) MergeAlert ¶
MergeAlert merges an alert into a case. The alertId must be a string, while the caseNumber must be an int. It returns an error if the merging process fails.
func (*Hivedata) UpdateAlert ¶
func (hive *Hivedata) UpdateAlert(alertId string, alert *HiveUpdateAlert) error
UpdateAlert updates an alert given a HiveUpdateAlert struct
func (*Hivedata) UpdateCase ¶
func (hive *Hivedata) UpdateCase(idOrName int, updatedCase *HiveUpdateCase) error
UpdateCase is used to update an existing case on thehive5. It only returns data if an error occurs.
func (*Hivedata) UpdateCaseTemplate ¶
func (hive *Hivedata) UpdateCaseTemplate(templateName string, updatedTemplate CaseTemplate) error
UpdateCaseTemplate updates an already existing template on thehive5. Submit the template name as first argument and a CaseTemplate object with the attributes you want to overwrite as the second.
func (*Hivedata) UpdateObservable ¶
func (hive *Hivedata) UpdateObservable(observableID string, observable *Observable) error
UpdateObservable updates an observable specified by the ID obtained through GetObservables. It only returns data if an error occurred.
func (*Hivedata) UpdateTask ¶
UpdateTask updates an existing task. It only returns data if an error occurred.
func (*Hivedata) UpdateTimelineEvent ¶
func (hive *Hivedata) UpdateTimelineEvent(eventId string, event *TimelineEvent) error
UpdateTimelineEvent updates a specified event. It returns an error on failure.
type HttpClient ¶
An HttpClient interface is used for testing.
type Links ¶
// Links describes a link from an alert or case to another organisation.
// Only ToOrganisation is always encoded; every other field carries omitempty,
// and the two response pointers are omitted entirely when nil.
type Links struct {
	ToOrganisation string             `json:"toOrganisation"`
	Avatar         string             `json:"avatar,omitempty"`
	LinkType       string             `json:"linkType,omitempty"`
	OtherLinkType  string             `json:"otherLinkType,omitempty"`
	Alert          *HiveAlertResponse `json:"alert,omitempty"` // pointer so an absent alert is omitted, not encoded as an empty object
	Case           *HiveCaseResponse  `json:"case,omitempty"`  // pointer so an absent case is omitted, not encoded as an empty object
}
type Observable ¶
// An Observable is used to define objects that have been seen in an alert or
// an incident. It was renamed from Artifact to Observable in thehive5.
//
// A MarshalJSON method is declared on this type elsewhere in the package, so
// the encoded request may differ from what these tags alone would produce.
type Observable struct {
	DataType         string    `json:"dataType,omitempty"`
	Data             string    `json:"data,omitempty"`
	Message          string    `json:"message,omitempty"`
	Tlp              string    `json:"tlp,omitempty"` // a string here, while ObservableResponse.Tlp is an int
	Pap              string    `json:"pap,omitempty"` // a string here, while ObservableResponse.Pap is an int
	Tags             []string  `json:"tags,omitempty"`
	Ioc              bool      `json:"ioc,omitempty"`     // omitempty means a false value is never encoded
	Sighted          bool      `json:"sighted,omitempty"` // omitempty means a false value is never encoded
	StartDate        time.Time `json:"startDate,omitempty"` // omitempty has no effect on a struct-typed field in encoding/json
	SightedAt        time.Time `json:"sightedAt,omitempty"` // omitempty has no effect on a struct-typed field in encoding/json
	IgnoreSimilarity bool      `json:"ignoreSimilarity,omitempty"`
	IsZip            bool      `json:"isZip,omitempty"`
	ZipPassword      string    `json:"zipPassword,omitempty"` // a secret: keep this value out of logs and error messages (e.g. do not %+v the struct)
}
An Observable is used to define objects that have been seen in an alert or an incident. It was renamed from Artifact to Observable in thehive5.
func (*Observable) MarshalJSON ¶
func (o *Observable) MarshalJSON() ([]byte, error)
Marshalling the observables
type ObservableResponse ¶
// ObservableResponse contains the returned values from the thehive5 observable API.
//
// An UnmarshalJSON method is declared on this type elsewhere in the package;
// the notes below describe what the tags mean for the default decoder.
type ObservableResponse struct {
	Id               string     `json:"_id"`
	Type             string     `json:"_type"`
	CreatedBy        string     `json:"_createdBy"`
	UpdatedBy        string     `json:"_updatedBy"`
	CreatedAt        time.Time  `json:"_createdAt"`
	UpdatedAt        time.Time  `json:"_updatedAt"`
	DataType         string     `json:"dataType"`
	Data             string     `json:"data"`
	StartDate        time.Time  `json:"startDate"`
	Attachment       Attachment `json:"attachment"`
	Tlp              int        `json:"tlp"` // numeric here, while Observable.Tlp (the request type) is a string
	TlpLabel         string     `json:"tlpLabel"`
	Pap              int        `json:"pap"` // numeric here, while Observable.Pap (the request type) is a string
	PapLabel         string     `json:"papLabel"`
	Tags             []string   `json:"tags"`
	Ioc              bool       `json:"ioc"`
	Sighted          bool       `json:"sighted"`
	SightedAt        time.Time  `json:"sightedAt"`
	Reports          struct{}   `json:"reports"` // empty struct: with the default decoder any report content is discarded
	Message          string     `json:"message"`
	ExtraData        ExtraData  `json:"extraData,omitempty"` // omitempty has no effect on a struct-typed field when encoding
	IgnoreSimilarity bool       `json:"ignoreSimilarity"`
}
ObservableResponse contains the returned values from the thehive5 observable API.
func (*ObservableResponse) UnmarshalJSON ¶
func (or *ObservableResponse) UnmarshalJSON(data []byte) error
type ObservableTypeResponse ¶
// ObservableTypeResponse is one observable type as returned by thehive5
// (see GetObservableTypes). An UnmarshalJSON method is declared on this type
// elsewhere in the package.
type ObservableTypeResponse struct {
	Id           string    `json:"_id"`
	Type         string    `json:"_type"`
	CreatedAt    time.Time `json:"_createdAt"`
	CreatedBy    string    `json:"_createdBy"`
	Name         string    `json:"name"`
	IsAttachment bool      `json:"isAttachment"` // true when the type is backed by an uploaded file rather than a plain data value — presumably; confirm against the API
}
func (*ObservableTypeResponse) UnmarshalJSON ¶
func (or *ObservableTypeResponse) UnmarshalJSON(data []byte) error
type Organisations ¶
type Procedure ¶
// A Procedure contains a TTP: the pattern that was observed, when it occurred,
// and optionally the tactic and a description. Tactic and Description are
// pointers so that an unset value is omitted rather than sent as "".
//
// A MarshalJSON method is declared on this type elsewhere in the package.
type Procedure struct {
	PatternId   string    `json:"patternId"`
	OccurDate   time.Time `json:"occurDate"`
	Tactic      *string   `json:"tactic,omitempty"`
	Description *string   `json:"description,omitempty"`
}
A Procedure contains a TTP (pattern, occurrence date, and optionally tactic and description).
func (*Procedure) MarshalJSON ¶
Marshalling the alert requests
type ProcedureResponse ¶
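// ProcedureResponse contains the values returned by the procedure/TTP operations.
//
// An UnmarshalJSON method is declared on this type elsewhere in the package;
// the tags below are what the default decoder (and any shadow type derived
// from this struct) uses.
type ProcedureResponse struct {
	// The Id tag previously read `json:"_id,"`; the trailing comma only adds an
	// empty option and is dropped here for consistency with the sibling types.
	Id          string            `json:"_id"`
	CreatedAt   time.Time         `json:"_createdAt"`
	CreatedBy   string            `json:"_createdBy"`
	UpdatedAt   time.Time         `json:"_updatedAt,omitempty"` // omitempty has no effect on a struct-typed field when encoding
	UpdatedBy   string            `json:"_updatedBy,omitempty"`
	Description string            `json:"description,omitempty"`
	OccurDate   time.Time         `json:"occurDate"`
	PatternID   string            `json:"patternId,omitempty"`
	PatternName string            `json:"patternName,omitempty"`
	Tactic      string            `json:"tactic"`
	TacticLabel string            `json:"tacticLabel"`
	ExtraData   map[string]string `json:"extraData"` // a string map here, unlike the ExtraData type used by other responses
}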
ProcedureResponse contains the values returned by the procedure/TTP operations.
func (*ProcedureResponse) UnmarshalJSON ¶
func (p *ProcedureResponse) UnmarshalJSON(data []byte) error
Shadow unmarshalling for ProcedureResponse.
type Scope ¶
// A Scope selects a page of results by position; From and To are omitted from
// the encoded JSON when zero. ExtraData is always encoded.
type Scope struct {
	From      int       `json:"from,omitempty"`
	To        int       `json:"to,omitempty"`
	ExtraData ExtraData `json:"extraData"`
}
A Scope has to be defined to search on specific pages.
type SearchQuery ¶
// SearchQuery includes all available filters for the query API endpoint on
// thehive5. Every filter is optional; only Name is always encoded.
//
// A MarshalJSON method is declared on this type elsewhere in the package, so
// the request body may be assembled differently from what these tags alone
// would produce.
type SearchQuery struct {
	Name       string                `json:"_name"`
	And        *[]Filter             `json:"_and,omitempty"`
	Or         *[]Filter             `json:"_or,omitempty"`
	Any        *Filter               `json:"_any,omitempty"` // not properly documented
	Not        *Filter               `json:"_not,omitempty"` // not properly documented
	Lt         *Filter               `json:"_lt,omitempty"`
	Gt         *Filter               `json:"_gt,omitempty"`
	Lte        *Filter               `json:"_lte,omitempty"`
	Gte        *Filter               `json:"_gte,omitempty"`
	Ne         *Filter               `json:"_ne,omitempty"`
	Eq         *Filter               `json:"_eq,omitempty"`
	Is         *Filter               `json:"_is,omitempty"`
	StartsWith *Filter               `json:"_startsWith,omitempty"`
	EndsWith   *Filter               `json:"_endsWith,omitempty"`
	Id         string                `json:"_id,omitempty"`
	Between    *Filter               `json:"_between,omitempty"`
	In         *Filter               `json:"_in,omitempty"`
	Contains   string                `json:"_contains,omitempty"` // a plain string, unlike the other filters which are *Filter
	Like       *Filter               `json:"_like,omitempty"`
	Match      *Filter               `json:"_match,omitempty"`
	Sort       *[1]map[string]string `json:"_fields,omitempty"` // note the field is named Sort but is encoded under the "_fields" key
	ScopeFrom  int                   `json:"from,omitempty"`
	ScopeTo    int                   `json:"to,omitempty"`
	ExtraData  []string              `json:"extraData,omitempty"`
	IdOrName   string                `json:"idOrName,omitempty"`
}
SearchQuery includes all available filters for the query API endpoint on thehive5.
func (*SearchQuery) MarshalJSON ¶
func (s *SearchQuery) MarshalJSON() ([]byte, error)
Marshalling the SearchQuery
type Severity ¶
// Severity is an integer-valued severity level. A FromString method is
// declared on it elsewhere in the package.
//
// NOTE(review): the rendered documentation for this type talks about HTTP
// methods, which appears to belong to a different declaration — confirm
// against the source.
type Severity int
A method is used for HTTP calls to determine what http method should be used
Constant to handle HTTP methods
func (*Severity) FromString ¶
type SharingParameter ¶
// SharingParameter includes the information necessary to share a case or
// alert with another organisation. Only Organisation is always encoded; the
// profile and the task/observable rules are omitted when empty.
type SharingParameter struct {
	Organisation   string `json:"organisation"`
	Profile        string `json:"profile,omitempty"`
	TaskRule       string `json:"taskRule,omitempty"`
	ObservableRule string `json:"observableRule,omitempty"`
}
SharingParameter includes the information necessary to share a case or alert across organizations.
type TaskLog ¶
// TaskLog contains the information needed to create a task log entry.
//
// A MarshalJSON method is declared on this type elsewhere in the package; the
// notes below describe the tags as the default encoder would treat them.
type TaskLog struct {
	Message           string       `json:"message"`
	StartDate         time.Time    `json:"startDate,omitempty"`         // omitempty has no effect on a struct-typed field in encoding/json
	IncludeInTimeline time.Time    `json:"includeInTimeline,omitempty"` // declared as a time, not a flag; omitempty has no effect on it
	Attachments       *interface{} `json:"attachments,omitempty"`       // pointer to an untyped value; nil is omitted
}
TaskLog contains all task log information.
func (*TaskLog) MarshalJSON ¶
Marshalling the TaskLog requests
type TaskLogResponse ¶
// TaskLogResponse contains a task log entry as returned by thehive5.
//
// An UnmarshalJSON method is declared on this type elsewhere in the package.
type TaskLogResponse struct {
	Id                string        `json:"_id"`
	Type              string        `json:"_type"`
	CreatedBy         string        `json:"_createdBy"`
	UpdatedBy         string        `json:"_updatedBy"`
	CreatedAt         time.Time     `json:"_createdAt"`
	UpdatedAt         time.Time     `json:"_updatedAt"`
	Message           string        `json:"message"`
	Date              time.Time     `json:"date"`
	Attachments       []interface{} `json:"attachments"` // untyped elements; callers must type-assert
	Owner             string        `json:"owner"`
	IncludeInTimeline time.Time     `json:"includeInTimeline"`
	ExtraData         struct{}      `json:"extraData"` // empty struct: with the default decoder any extraData content is discarded
}
TaskLogResponse contains all task log data returned in the response.
func (*TaskLogResponse) UnmarshalJSON ¶
func (tl *TaskLogResponse) UnmarshalJSON(data []byte) error
Shadow unmarshalling function for TaskLogResponse.
type TimelineEvent ¶
// TimelineEvent contains the information about a new or changed custom event
// for a case. Every field carries omitempty, but it only takes effect on the
// two strings; the time.Time fields are struct-typed and are always encoded by
// the default encoder.
//
// A MarshalJSON method is declared on this type elsewhere in the package.
type TimelineEvent struct {
	Date        time.Time `json:"date,omitempty"`
	EndDate     time.Time `json:"endDate,omitempty"`
	Title       string    `json:"title,omitempty"`
	Description string    `json:"description,omitempty"`
}
TimelineEvent contains the information about a new or changed event for a case.
func (*TimelineEvent) MarshalJSON ¶
func (t *TimelineEvent) MarshalJSON() ([]byte, error)
Marshalling the TimelineEvent
type TimelineEventResponse ¶
// TimelineEventResponse contains the response of the timeline API endpoint.
//
// An UnmarshalJSON method is declared on this type elsewhere in the package.
type TimelineEventResponse struct {
	Id          string    `json:"_id"`
	Type        string    `json:"_type"`
	CreatedBy   string    `json:"_createdBy"`
	UpdatedBy   string    `json:"_updatedBy,omitempty"`
	CreatedAt   time.Time `json:"_createdAt"`
	UpdatedAt   time.Time `json:"_updatedAt,omitempty"` // omitempty has no effect on a struct-typed field when encoding
	Date        time.Time `json:"date"`
	EndDate     time.Time `json:"endDate,omitempty"` // omitempty has no effect on a struct-typed field when encoding
	Title       string    `json:"title"`
	Description string    `json:"description,omitempty"`
}
TimelineEventResponse contains the response of the timeline API endpoint.
func (*TimelineEventResponse) UnmarshalJSON ¶
func (ter *TimelineEventResponse) UnmarshalJSON(data []byte) error
Unmarshal the values returned by thehive5 into the TimelineEventResponse struct, making sure that int64 gets converted into time.Time.
type UserResponse ¶
// UserResponse contains all available data of a user object on the hive.
//
// The struct carries account-security state (whether the user has an API key,
// a password or MFA, whether the account is locked, and its permissions), so
// treat decoded values as sensitive when persisting or logging them.
//
// An UnmarshalJSON method is declared on this type elsewhere in the package.
type UserResponse struct {
	Id                  string            `json:"_id"`
	CreatedBy           string            `json:"_createdBy"`
	UpdatedBy           string            `json:"_updatedBy,omitempty"`
	CreatedAt           time.Time         `json:"_createdAt"`
	UpdatedAt           time.Time         `json:"_updatedAt,omitempty"` // omitempty has no effect on a struct-typed field when encoding
	Login               string            `json:"login"`
	Name                string            `json:"name"`
	Email               string            `json:"email,omitempty"`
	HasKey              bool              `json:"hasKey"`      // whether an API key exists for the user; the key itself is not part of the response
	HasPassword         bool              `json:"hasPassword"` // whether a password is set; the password itself is not part of the response
	HasMFA              bool              `json:"hasMFA"`
	Locked              bool              `json:"locked"`
	Profile             string            `json:"profile"`
	Permissions         []string          `json:"permissions,omitempty"`
	Organisation        string            `json:"organisation"`
	Avatar              string            `json:"avatar,omitempty"`
	Organisations       []Organisations   `json:"organisations,omitempty"`
	Type                string            `json:"type"`
	DefaultOrganisation string            `json:"defaultOrganisation"`
	ExtraData           map[string]string `json:"extraData"` // a string map here, unlike the ExtraData type used by other responses
}
UserResponse contains all available data of a user object on the hive.
func (*UserResponse) UnmarshalJSON ¶
func (u *UserResponse) UnmarshalJSON(data []byte) error